"2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx"

Pharmacy prescription services provider A&A Services, which operates as Sav-Rx, has started notifying roughly 2.8 million individuals that their personal information was compromised in a cyberattack. The company said the cyberattack occurred on October 8, 2023. The company noted that the attackers accessed non-clinical systems containing personal information and exfiltrated their data. The compromised information includes names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, eligibility data, and insurance identification numbers.

Submitted by Adam Ekwall on

"Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern"

Ransomware attacks on VMware ESXi infrastructure follow a pattern regardless of the malware used. According to researchers at Sygnia, virtualization platforms are essential to organizational Information Technology (IT) infrastructure but often have misconfigurations and vulnerabilities, making them lucrative and effective targets for threat actors.

Submitted by Gregory Rigby on

"How Safe Are Voting Machines? DOD-Funded Lab IDs Vulnerabilities"

A team of Towson University and University of Maryland researchers is trying to identify every possible way to breach voting machines in order to uncover vulnerabilities and help election officials fix them. Questions regarding voting machines, such as whether a sophisticated cyberattack on a machine could go undetected, remain. The researchers hope their preliminary analysis will reassure voters by assessing the likelihood of such scenarios. This project considers cyber, physical, and insider threats.

Submitted by Gregory Rigby on

"VMware Abused in Recent MITRE Hack for Persistence, Evasion"

MITRE found that state-sponsored hackers exploited zero-day vulnerabilities in an Ivanti product to access its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network for research, development, and prototyping. On January 10, Volexity revealed that Chinese hackers had compromised Ivanti Virtual Private Network (VPN) devices using the vulnerabilities.

Submitted by Gregory Rigby on

"'Shadow AI' on the Rise; Sensitive Data Input by Workers up 156%"

Cyberhaven found that employees are increasingly entering sensitive data into Artificial Intelligence (AI)-driven chatbots such as ChatGPT and Gemini. The company's "AI Adoption and Risk Report" also noted a rise in "Shadow AI," which is the workplace use of AI tools on personal accounts without corporate safeguards. Due to the lack of visibility and control over employee use of Shadow AI, organizations may be unable to protect confidential employee, customer, and business data. This article continues to discuss key findings regarding

Submitted by Gregory Rigby on

"Fake Pegasus Spyware Strains Populate Clear and Dark Web"

CloudSEK discovered that fake Pegasus spyware source code is being sold on the dark web, surface web, and instant messaging platforms. Researchers at CloudSEK searched the clear and dark web for spyware threats after Apple warned about "mercenary spyware" attacks. Many of the nearly 25,000 analyzed Telegram posts claimed to sell authentic Pegasus source code, a spyware strain commercialized by the Israeli company NSO Group. Most of the posts offered illegal services, often mentioning Pegasus and NSO tools.

Submitted by Gregory Rigby on

"New ShrinkLocker Ransomware Uses BitLocker to Encrypt Your Files"

The new ransomware strain "ShrinkLocker" creates a boot partition to encrypt corporate systems with Windows BitLocker. ShrinkLocker, which shrinks non-boot partitions to create the boot volume, has targeted a government agency and vaccine and manufacturing companies. This article continues to discuss findings regarding the new ShrinkLocker ransomware.

Submitted by Gregory Rigby on

"AI Voice Generator App Used to Drop Gipy Malware"

A new infostealer malware campaign called "Gipy" targets users in Germany, Russia, Spain, and Taiwan with phishing lures regarding an Artificial Intelligence (AI) voice changer. Gipy malware, which emerged in early 2023, allows attackers to steal data, mine cryptocurrency, and install additional malware. In this case, threat actors promise victims a legitimate AI voice-altering app. The app works as promised after installation, while Gipy malware is delivered in the background. When Gipy is run, password-protected malware from GitHub is launched.

Submitted by Gregory Rigby on

"Hyundai App Exposed Vehicles to High-Tech Thieves: Researchers"

According to the cybersecurity company Rapid7, software vulnerabilities in a Hyundai Motor app that lets cars be started remotely left vehicles vulnerable to hackers for three months before the company fixed the bug in March. Rapid7 research director Tod Beardsley said Hyundai's December 8, 2016 update to its Blue Link mobile app allowed car thieves to locate, unlock, and start vulnerable vehicles. This article continues to discuss the potential exploitation and impact of the vulnerabilities in the Hyundai app.

Submitted by Gregory Rigby on